SAP GUI communicates using the SAP DIAG protocol, which is generally compressed. That makes plain old network sniffing out of the question, which is exactly where the plugin comes into play.

If you want to experiment with what can be captured without compression, set the system environment variable TDW_NOCOMPRESS to 1.

For a demo of how to capture SAP passwords using Wireshark, see my video below.

To combat the vulnerability of having your SAP passwords sniffed, SAP recommends using SNC to provide end-to-end encryption, but I have to admit I’ve not yet seen a company with this implemented. A good alternative would be to encrypt everything on your network using IPsec.
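One way to check whether an ABAP instance profile actually enforces SNC for SAP GUI logons, as an added example that is not part of the original post. The profile text is constructed, and the expected values reflect a strict policy assumed here: SNC enabled, no insecure GUI logons accepted, and privacy protection (encryption) as the minimum level.

```python
# Added example: audit SAP profile text for SNC settings that would still
# let SAP GUI (DIAG) traffic travel without encryption.

# Assumed strict policy: parameter -> (expected value, risk if it differs).
REQUIRED = {
    "snc/enable": ("1", "SNC is off, so DIAG logons travel unprotected"),
    "snc/accept_insecure_gui": ("0", "SAP GUI logons without SNC are still accepted"),
    "snc/data_protection/min": ("3", "sessions may be negotiated below privacy protection"),
}

def parse_profile(text):
    """Parse 'name = value' lines of a profile, skipping comments and blanks."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def audit_snc(params):
    """Return findings; an empty list means the assumed policy is met."""
    findings = []
    for name, (wanted, risk) in REQUIRED.items():
        actual = params.get(name)
        if actual is None:
            findings.append(f"{name} is not set explicitly; confirm the effective value")
        elif actual != wanted:
            # Any other value (including 'U', user-dependent) is reported.
            findings.append(f"{name} = {actual} (expected {wanted}): {risk}")
        if name == "snc/enable" and actual != "1":
            break  # the other SNC parameters have no effect while SNC is off
    return findings

# Constructed sample: SNC is switched on but not enforced for SAP GUI.
SAMPLE_PROFILE = """\
# constructed sample instance profile
SAPSYSTEMNAME = DEV
snc/enable = 1
snc/accept_insecure_gui = 1
snc/data_protection/min = 1
"""

if __name__ == "__main__":
    for finding in audit_snc(parse_profile(SAMPLE_PROFILE)):
        print("FINDING:", finding)
```

A profile that enables SNC but still accepts insecure GUI logons leaves password sniffing possible for every client that does not opt in.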

If you’re looking for an even easier way to capture SAP user passwords, see my Cain and Abel posting on the same topic.